'\" te
.\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved.
.\" Copyright 2019 Joyent, Inc.
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH SVC.STARTD 8 "Dec 11, 2019"
.SH NAME
svc.startd \- Service Management Facility master restarter
.SH SYNOPSIS
.nf
\fB/lib/svc/bin/svc.startd\fR
.fi

.LP
.nf
\fBsvc:/system/svc/restarter:default\fR
.fi

.SH DESCRIPTION
\fBsvc.startd\fR is the master restarter daemon for Service Management Facility
(SMF) and the default restarter for all services. \fBsvc.startd\fR starts,
stops, and restarts services based on administrative requests, system failures,
or application failures.
.sp
.LP
\fBsvc.startd\fR maintains service state, as well as being responsible for
managing faults in accordance with the dependencies of each service.
.sp
.LP
\fBsvc.startd\fR is invoked automatically during system startup. It is
restarted if any failures occur. \fBsvc.startd\fR should never be invoked
directly.
.sp
.LP
See \fBsmf_restarter\fR(7) for information on configuration and behavior common
to all restarters.
.sp
.LP
\fBsvcs\fR(1) reports status for all services managed by the Service
Configuration Facility. \fBsvcadm\fR(8) allows manipulation of service
instances with respect to the service's restarter.
.SS "Environment Variables"
Environment variables with the "SMF_" prefix are reserved and may be
overwritten.
.sp
.LP
\fBsvc.startd\fR supplies the "SMF_" environment variables specified in
\fBsmf_method\fR(7) to the method. PATH is set to "\fB/usr/sbin:/usr/bin\fR" by
default. By default, all other environment variables supplied to
\fBsvc.startd\fR are those inherited from \fBinit\fR(8).
.sp
.LP
Duplicate entries are reduced to a single entry. The value used is undefined.
Environment entries that are not prefixed with "<\fIname\fR>=" are ignored.
.SS "Restarter Options"
\fBsvc.startd\fR is not configured by command line options. Instead,
configuration is read from the service configuration repository. You can use
\fBsvccfg\fR(8) to set all options and properties.
.sp
.LP
The following configuration variables in the \fBoptions\fR property group are
available to developers and administrators:
.sp
.ne 2
.na
\fB\fBboot_messages\fR\fR
.ad
.sp .6
.RS 4n
An \fIastring\fR (as defined in \fBscf_value_is_type\fR; see
\fBscf_value_is_type\fR(3SCF)) that describes the default level of messages to
print to the console during boot. The supported message options include
\fBquiet\fR and \fBverbose\fR. The \fBquiet\fR option prints minimal messages
to console during boot. The \fBverbose\fR option prints a single message per
service started to indicate success or failure. You can use the \fBboot\fR
\fB-m\fR option to override the \fBboot_messages\fR setting at boot time. See
\fBkernel\fR(8).
.RE

.sp
.ne 2
.na
\fB\fBlogging\fR\fR
.ad
.sp .6
.RS 4n
Control the level of global service logging for \fBsvc.startd\fR. An
\fIastring\fR (as defined in \fBscf_value_is_type\fR; see
\fBscf_value_is_type\fR(3SCF)) that describes the default level of messages to
log to \fBsyslog\fR (see \fBsyslog\fR(3C) and \fBsvc.startd\fR's global
logfile, \fB/var/svc/log/svc.startd.log\fR. The supported message options
include \fBquiet\fR, \fBverbose\fR, and \fBdebug\fR. The \fBquiet\fR option
sends error messages requiring administrative intervention to the console,
\fBsyslog\fR and \fBsvc.startd\fR's global logfile. The \fBverbose\fR option
sends error messages requiring administrative intervention to the console,
\fBsyslog\fR and \fBsvc.startd\fR's global logfile, and information about
errors which do not require administrative intervention to \fBsvc.startd\fR's
global logfile. A single message per service started is also sent to the
console. The \fBdebug\fR option sends \fBsvc.startd\fR debug messages to
\fBsvc.startd\fR's global logfile, error messages requiring
administrative intervention to the console, \fBsyslog\fR and \fBsvc.startd\fR's
global logfile, and a single message per service started to the console.
.RE

.sp
.ne 2
.na
\fB\fBmilestone\fR\fR
.ad
.sp .6
.RS 4n
An FMRI which determines the milestone used as the default boot level.
Acceptable options include only the major milestones:
.sp
.in +2
.nf
svc:/milestone/single-user:default
svc:/milestone/multi-user:default
svc:/milestone/multi-user-server:default
.fi
.in -2
.sp

or the special values \fBall\fR or \fBnone\fR. \fBall\fR represents an
idealized milestone that depends on every service. \fBnone\fR is a special
milestone where no services are running apart from the master
\fBsvc:/system/svc/restarter:default\fR. By default, \fBsvc.startd\fR uses
\fBall\fR, a synthetic milestone that depends on every service. If this
property is specified, it overrides any \fBinitdefault\fR setting in
\fBinittab\fR(5).
.RE

.sp
.ne 2
.na
\fB\fBsystem/reconfigure\fR\fR
.ad
.sp .6
.RS 4n
Indicates that a reconfiguration reboot has been requested. Services with
actions that must key off of a reconfiguration reboot may check that this
property exists and is set to 1 to confirm a reconfiguration boot has been
requested.
.sp
This property is managed by \fBsvc.startd\fR and should not be modified by the
administrator.
.RE

.sp
.LP
Configuration errors, such as disabling \fBsvc.startd\fR are logged by
\fBsyslog\fR, but ignored.
.SS "SERVICE STATES"
Services managed by \fBsvc.startd\fR can appear in any of the states described
in \fBsmf\fR(7). The state definitions are unmodified by this restarter.
.SS "SERVICE REPORTING"
In addition to any logging done by the managed service, \fBsvc.startd\fR
provides a common set of service reporting and logging mechanisms.
.sp
.LP
Reporting properties \fBsvc.startd\fR updates a common set of properties on all
services it manages. These properties are a common interface that can be used
to take action based on service instance health. The \fBsvcs\fR(1) command can
be used to easily display these properties.
.sp
.ne 2
.na
\fB\fBrestarter/state\fR\fR
.ad
.br
.na
\fB\fBrestarter/next_state\fR\fR
.ad
.sp .6
.RS 4n
The current and next (if currently in transition) state for an instance.
.RE

.sp
.ne 2
.na
\fB\fBrestarter/auxiliary_state\fR\fR
.ad
.sp .6
.RS 4n
A caption detailing additional information about the current instance state.
The auxiliary state available for services managed by \fBsvc.startd\fR is:
.sp
.ne 2
.na
\fBmaintenance\fR
.ad
.RS 15n
.sp
.in +2
.nf
fault_threshold_reached
stop_method_failed
administrative_request
.fi
.in -2
.sp

.RE

.RE

.sp
.ne 2
.na
\fB\fBrestarter/state_timestamp\fR\fR
.ad
.sp .6
.RS 4n
The time when the current state was reached.
.RE

.sp
.ne 2
.na
\fB\fBrestarter/contract\fR\fR
.ad
.sp .6
.RS 4n
The primary process contract ID, if any, that under which the service instance
is executing.
.RE

.sp
.LP
\fBLogs\fR
.sp
.LP
By default, \fBsvc.startd\fR provides logging of significant restarter actions
for the service as well as method standard output and standard error file
descriptors to \fB/var/svc/log/\fIservice\fR:\fIinstance\fR.log\fR. The level
of logging to system global locations like \fB/var/svc/log/svc.startd.log\fR
and \fBsyslog\fR is controlled by the \fBoptions/logging\fR property.
.SS "SERVICE DEFINITION"
When developing or configuring a service managed by \fBsvc.startd\fR, a common
set of properties are used to affect the interaction between the service
instance and the restarter.
.sp
.LP
\fBMethods\fR
.sp
.LP
The general form of methods for the fork/exec model provided by
\fBsvc.startd\fR are presented in \fBsmf_method\fR(7). The following methods
are supported as required or optional by services managed by \fBsvc.startd\fR.
.sp
.ne 2
.na
\fB\fBrefresh\fR\fR
.ad
.RS 11n
Reload any appropriate configuration parameters from the repository or
\fBconfig\fR file, without interrupting service. This is often implemented
using \fBSIGHUP\fR for system daemons. If the service is unable to recognize
configuration changes without a restart, no refresh method is provided.
.sp
This method is optional.
.RE

.sp
.ne 2
.na
\fB\fBstart\fR\fR
.ad
.RS 11n
Start the service. Return success only after the application is available to
consumers. Fail if a conflicting instance is already running, or if the service
is unable to start.
.sp
This method is required.
.RE

.sp
.ne 2
.na
\fB\fBstop\fR\fR
.ad
.RS 11n
Stop the service. In some cases, the stop method can be invoked when some or
all of the service has already been stopped. Only return an error if the
service is not entirely stopped on method return.
.sp
This method is required.
.RE

.sp
.LP
If the service does not need to take any action in a required method, it must
specify the \fB:true\fR token for that method.
.sp
.LP
\fBsvc.startd\fR honors any method context specified for the service or any
specific method. The method expansion tokens described in \fBsmf_method\fR(7)
are available for use in all methods invoked by \fBsvc.startd\fR.
.sp
.LP
\fBProperties\fR
.sp
.LP
An overview of the general properties is available in \fBsmf\fR(7). The
specific way in which these general properties interacts with \fBsvc.startd\fR
follows:
.sp
.ne 2
.na
\fB\fBgeneral/enabled\fR\fR
.ad
.sp .6
.RS 4n
If enabled is set to true, the restarter attempts to start the service once all
its dependencies are satisfied. If set to false, the service remains in the
disabled state, not running.
.RE

.sp
.ne 2
.na
\fB\fBgeneral/restarter\fR\fR
.ad
.sp .6
.RS 4n
If this FMRI property is empty or set to
\fBsvc:/system/svc/restarter:default\fR, the service is managed by
\fBsvc.startd\fR. Otherwise, the restarter specified is responsible (once it is
available) for managing the service.
.RE

.sp
.ne 2
.na
\fB\fBgeneral/single_instance\fR\fR
.ad
.sp .6
.RS 4n
This was originally supposed to ensure that only one service instance could be
in online or degraded state at once; however, it was never implemented, and is
often incorrectly specified in multi-instance manifests. As such, it should be
considered obsolete and not specified in new manifests.
.RE

.sp
.LP
Additionally, \fBsvc.startd\fR managed services can define the optional
properties listed below in the \fBstartd\fR property group.
.sp
.ne 2
.na
\fB\fBstartd/critical_failure_count\fR
.ad
.br
.na
\fBstartd/critical_failure_period\fR\fR
.ad
.sp .6
.RS 4n
The \fBcritical_failure_count\fR and \fBcritical_failure_period\fR properties
together specify the maximum number of service failures allowed in a given
number of seconds before \fBsvc.startd\fR transitions the service to
maintenance.
If the number of failures exceeds \fBcritical_failure_count\fR in any period of
\fBcritical_failure_period\fR seconds, \fBsvc.startd\fR will transition the
service to maintenance. The \fBcritical_failure_count\fR value is limited
to the range 1-10 and defaults to 10.  The \fBcritical_failure_period\fR
defaults to 600 seconds.
.RE

.sp
.ne 2
.na
\fB\fBstartd/duration\fR\fR
.ad
.sp .6
.RS 4n
The \fBduration\fR property defines the service's model. It can be set to
\fBtransient\fR, \fBchild\fR also known as "\fBwait\fR" model services, or
\fBcontract\fR (the default).
.RE

.sp
.ne 2
.na
\fB\fBstartd/ignore_error\fR\fR
.ad
.sp .6
.RS 4n
The \fBignore_error\fR property, if set, specifies a comma-separated list of
ignored events. Legitimate string values in that list are \fBcore\fR and
\fBsignal\fR. The default is to restart on all errors.
.RE

.sp
.ne 2
.na
\fB\fBstartd/need_session\fR\fR
.ad
.sp .6
.RS 4n
The \fBneed_session\fR property, if set to true, indicates that the instance
should be launched in its own session. The default is not to do so.
.RE

.sp
.ne 2
.na
\fB\fBstartd/utmpx_prefix\fR\fR
.ad
.sp .6
.RS 4n
The \fButmpx_prefix\fR string property defines that the instance requires a
valid \fButmpx\fR entry prior to start method execution. The default is not to
create a \fButmpx\fR entry.
.RE

.SS "SERVICE FAILURE"
\fBsvc.startd\fR assumes that a method has failed if it returns a non-zero exit
code or if fails to complete before the timeout specified expires. If
\fB$SMF_EXIT_ERR_CONFIG\fR or \fB$SMF_EXIT_ERR_FATAL\fR is returned,
\fBsvc.startd\fR immediately places the service in the maintenance state. For
all other failures, \fBsvc.startd\fR places the service in the offline state.
If a service is offline and its dependencies are satisfied, \fBsvc.startd\fR
tries again to start the service (see \fBsmf\fR(7)).
.sp
.LP
If a contract or transient service does not return from its start method before
its defined timeout elapses, \fBsvc.startd\fR sends a \fBSIGKILL\fR to the
method, and returns the service to the offline state.
.sp
.LP
If three failures happen in a row, or if the service is restarting more than
once a second, \fBsvc.startd\fR places the service in the maintenance state.
.sp
.LP
The conditions of service failure are defined by a combination of the service
model (defined by the \fBstartd/duration\fR property) and the value of the
\fBstartd/ignore_error\fR property.
.sp
.LP
A contract model service fails if any of the following conditions occur:
.RS +4
.TP
.ie t \(bu
.el o
all processes in the service exit
.RE
.RS +4
.TP
.ie t \(bu
.el o
any processes in the service produce a core dump
.RE
.RS +4
.TP
.ie t \(bu
.el o
a process outside the service sends a service process a fatal signal (for
example, an administrator terminates a service process with the \fBpkill\fR
command)
.RE
.sp
.LP
The last two conditions may be ignored by the service by specifying core and/or
signal in \fBstartd/ignore_error\fR.
.sp
.LP
Defining a service as transient means that \fBsvc.startd\fR does not track
processes for that service. Thus, the potential faults described for contract
model services are not considered failures for transient services. A transient
service only enters the maintenance state if one of the method failure
conditions occurs.
.sp
.LP
"\fBWait\fR" model services are restarted whenever the child process associated
with the service exits. A child process that exits is not considered an error
for "\fBwait\fR" model services, and repeated failures do not lead to a
transition to maintenance state. However, a wait service which is repeatedly
exiting with an error that exceeds the default rate (5 failures/second) will be
throttled back so that the service only restarts once per second.
.SS "LEGACY SERVICES"
\fBsvc.startd\fR continues to provide support for services invoked during the
startup run level transitions. Each \fB/etc/rc?.d\fR directory is processed
after all managed services which constitute the equivalent run level milestone
have transitioned to the online state. Standard \fBinit\fR scripts placed in
the \fB/etc/rc?.d\fR directories are run in the order of their sequence
numbers.
.sp
.LP
The milestone to run-level mapping is:
.sp
.ne 2
.na
\fB\fBmilestone/single-user\fR\fR
.ad
.sp .6
.RS 4n
Single-user (\fBS\fR)
.RE

.sp
.ne 2
.na
\fB\fBmilestone/multi-user\fR\fR
.ad
.sp .6
.RS 4n
Multi-user (\fB2\fR)
.RE

.sp
.ne 2
.na
\fB\fBmilestone/multi-user-server\fR\fR
.ad
.sp .6
.RS 4n
Multi-user with network services (\fB3\fR)
.RE

.sp
.LP
Additionally, \fBsvc.startd\fR gives these legacy services visibility in SMF by
inserting an instance per script into the repository. These legacy instances
are visible using standard SMF interfaces such as \fBsvcs\fR(1), always appear
in the \fBLEGACY-RUN\fR state, cannot be modified, and can not be specified as
dependencies of other services. The initial start time of the legacy service is
captured as a convenience for the administrator.
.SH FILES
.ne 2
.na
\fB\fB/var/svc/log\fR\fR
.ad
.RS 21n
Directory where \fBsvc.startd\fR stores log files.
.RE

.sp
.ne 2
.na
\fB\fB/etc/svc/volatile\fR\fR
.ad
.RS 21n
Directory where \fBsvc.startd\fR stores log files in early stages of boot,
before \fB/var\fR is mounted read-write.
.RE

.SH EXAMPLE
\fBExample 1 \fRTurning on Verbose Logging
.sp
.LP
To turn on verbose logging, type the following:

.sp
.in +2
.nf
# /usr/sbin/svccfg -s system/svc/restarter:default
svc:/system/svc/restarter:default> addpg options application
svc:/system/svc/restarter:default> setprop options/logging = \e
astring: verbose
svc:/system/svc/restarter:default> exit
.fi
.in -2
.sp

.sp
.LP
This request will take effect on the next restart of \fBsvc.startd\fR.

.SH SEE ALSO
.BR svcprop (1),
.BR svcs (1),
.BR setsid (2),
.BR syslog (3C),
.BR libscf (3LIB),
.BR scf_value_is_type (3SCF),
.BR contract (5),
.BR init.d (5),
.BR inittab (5),
.BR process (5),
.BR attributes (7),
.BR smf (7),
.BR smf_method (7),
.BR init (8),
.BR kernel (8),
.BR svc.configd (8),
.BR svcadm (8),
.BR svccfg (8)
